Lucene search
+L

3282 matches found

nvd
nvd
added yesterday8 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
euvd
euvd
added yesterday9 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
redhat
redhat
added 5 days ago3 views

morgan: morgan: Log forgery due to unneutralized control characters

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References6
redhat
redhat
added 6 days ago4 views

morgan: morgan: Log forgery due to unneutralized control characters

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References6
euvd
euvd
added 6 days ago20 views

EUVD-2026-34067

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56621

Name of the Vulnerable Software and Affected Versions CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 UDiTH Portal versions 2026.0.0 through 2026.2.0 Description An authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/06 8:7 p.m.30 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
nvd
nvd
added 2026/07/06 9:16 a.m.12 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
cve
cve
added 2026/07/06 8:12 a.m.17 views

CVE-2026-1433

The CVE-2026-1433 issue affects uniFLOW Universal Login Manager (ULM) Standalone. An information disclosure vulnerability allows an authenticated administrator to access sensitive configuration data via the ULM Remote User Interface (RUI). The exposure can reveal SMTP/LDAP integration configurati...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/06 8:12 a.m.30 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
euvd
euvd
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.19 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
nvd
nvd
added 2026/07/01 11:16 p.m.7 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS0.00202EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:39 p.m.49 views

CVE-2026-14133

Technical details are not publicly available in the provided documents. Monitor for updates.

4.3CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/26 11:17 p.m.13 views

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS0.00702EPSS
Exploits0References2
euvd
euvd
added 2026/06/19 2:46 p.m.11 views

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

8.4CVSS5.8AI score0.00302EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/10 9:27 p.m.13 views

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References5
nvd
nvd
added 2026/06/10 4:17 a.m.12 views

CVE-2026-24720

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

6.5CVSS0.0028EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.23 views

PT-2026-48372

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...

8.7CVSS5.7AI score0.00292EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.20 views

PT-2026-48369

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An issue exists where resources are allocated without limits or throttling. A remote attacker with a user account can exploit this to prevent other systems, applications, or processes from...

6.5CVSS5.3AI score0.0028EPSS
Exploits0References6
Rows per page
Query Builder